-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Ironclaw,
On 4/23/12 9:18 AM, ironclaw hand wrote:
> So are you saying I should do away with the mod_jk.conf
> completely?
That depends upon what is in mod_jk.conf. Your mod_jk.conf looks like
a mix between global mod_jk directives (e.g. JkWorkersFile) and
VirtualHost-specific directives (e.g. <Location> and JkMounts).
I would recommend putting all your global configuration into
mod_jk.conf and then putting your VirtualHost-specific configuration
into the appropriate VirtualHost (possibly the default one).
It looks like you have an old example of how to set up mod_jk. The
following properties are no longer useful in workers.properties:
workers.apache_log=/var/log/httpd/
workers.tomcat_home=/var/tomcat
workers.java_home=/usr/java/latest
ps=/
Finally, if you are going to do this:
Alias /sft "/var/webapps/sft"
<Directory "/var/webapps/sft">
Options Indexes FollowSymLinks
</Directory>
You'll have to protect more than just this:
<Location "/sft/WEB-INF/">
AllowOverride None
deny from all
</Location>
If you have anything sensitive in sft/META-INF (like a context.xml
containing your LDAP or database credentials for instance).
Also, since the content lives on the filesystem, you might be better
off using a <Directory> directive instead (or in addition to)
<Location>. Be very careful if you decide to use an Alias to your
appBase: it's usually discouraged on a security basis.
> JkMount /sft/* loadbalancer
>
> JkUnMount /*.html loadbalancer
JkMounts need to be *inside* a VirtualHost: otherwise, they have no
effect.
- -chris
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.17 (Darwin)
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iEYEARECAAYFAk+VYVAACgkQ9CaO5/Lv0PCkVgCgqw11nIU5ZnJ1DZ165WQQ1ZEN
UTAAn2CKlcjIiOO+oFkQFGHeJFpfVHQt
=w8JP
-----END PGP SIGNATURE-----
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
